UPnP

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.

January 30, 2013 UPDATE:

At the current time D-Link deploys firmware that has UPnP feature support on our devices. The UPnP features are enabled by software developer kits - Intel, Portable, and MiniUPnP.

Recently, it has been discovered that the following UPnP versions may have a security vulnerability that could cause devices to become unstable, impair functionality, or disclose the services the devices offers (i.e. network camera feed):

All Versions of Intel SDK

Version of Portable SDK prior to V. 1.6.18

Version of MiniUPnP SDK prior to V. 1.1

Security and performance is of the utmost importance to D-Link across all product lines, including networking, surveillance, storage and entertainment solutions.

D-Link is currently assessing the recent findings surrounding UPnP technology and whether any D-Link products are susceptible to vulnerabilities. If any action is needed, D-Link will provide information on this page.

We are currently updating our Vendor responses at US-CERT (US Computer Emergency Readiness Team) for the support CVEs (Common Vulnerabilities and Exposures).

We also discourage the use of industry-available tools available to the public because of the number of false-negatives and false-positives. This potential vulnerability is complex and requires deeper inspection and replacement of the recommend SDK stated in the CVEs.

Below is a list of D-Link products that are potentially vulnerable. If your product is not listed below, it is secure and not affected; no further action is required.